At WP Engine, we take the security of your sites very seriously, and we strive to keep you aware of any potential issues or vulnerabilities that could impact the sites you entrust to us.

We want take this opportunity to inform you that a critical security update has been made available for the WordPress SEO by Yoast plugin, which a portion of our customers use to improve search engine results. The update follows the discovery of a security flaw in the old version of the plugin could that allow authenticated individuals to perform Cross-Site Request Forgery (CSRF) and blind SQL injection using the bulk editor.

Due to the severity of the exploit, we’re asking our customers to update your WordPress SEO by Yoast plugin to the most recent version, which is available now via the Updates menu within your WordPress dashboard. And please make sure to run a backup of your site first. You can read more on how to perform a backup here: https://wpengine.com/support/restore/. We’ve emailed our affected customers, but wanted to post this information to our blog as well.

If you have any questions about updating your plugin or performing a backup please feel free to reach out to your WP Engine Support team at any time.